Apple: 400 iTunes Accounts Hit with Fraud

| News

Apple claims only about 400 iTunes user accounts were compromised in an incident that raised concerns over whether or not the App Store’s security had been breached by hackers. The company also confirmed that its servers weren’t attacked or compromised, according to Clayton Morris from Fox News.

“Apple told me that an extremely small percentage of users, about  400 of the 150 million iTunes users — that is less than 0.0003 percent of iTunes users, were impacted,” he said.

Concerns that Apple’s App Store had been hacked surfaced over the weekend when some users reported they were being charged for ebooks without their permission. The initial concerns led to reports that Apple’s online security systems for the iPhone, iPod touch and iPad App Store had been breached.

Apple responded to the incident by saying developer Thuat Nguyen and his ebooks were dropped from the App Store for fraud-like activity. The company also confirmed that developers don’t have access to user account data.

The Mac and iPhone maker has implemented new security measures to help prevent similar incidents in the future including requiring users to enter their credit card CCV code more often.

Apple’s statements and followup actions back up the notion that the victims in the incident lost their iTunes account passwords through some sort of phishing scam, or because they used weak passwords that were easy to guess.

The fact that this looks to be a situation where user iTunes user account information was compromised outside of the App Store doesn’t diminish the headaches the victims are experiencing, but it does highlight the importance of using account passwords that are difficult to guess, and to avoid using the same password for all of your online accounts.

Popular TMO Stories



Not to make light of this, but it is worth noting that it was a vendor/developer who had programming access to iTunes code that breached the individual accounts. He breached so many laws and ethical codes here and fortunately was caught within 48 hours.

I’m sure that’s not a comfort to the 0.000002666666667% of the iTunes customers that were involved though. It’s still a violation.


I’ve received several obvious phishing messages in the last year or two, purporting to be from Apple or the iTunes store. THey weren’t brilliant, but they looked reasonably authentic. Fortunately I’m sufficiently sophisticated to recognize them, but they are out there and that’s likely what happened here. I’m surprised this doesn’t happen more often, given how careless many of the people I know are about passwords.


Great.  I feel sorry for the 400 people that this happened to.  Thankfully, I’ve stuck with and haven’t had a problem since I started with them (which was September of last year).  How horrible to have this happen to someone.


Just be glad you weren’t in this group. (or maybe you were)

My credit union has issued new debit cards three times in the last 2 years due to this stuff.

Bosco (Brad Hutchings)

One of the developers who discovered it figures it has to be more like 3000 accounts based on his sales and rankings.

Alex Brie, one of the developers who first reported the App Store problems with the Vietnamese developer, is suspicious of Apple’s claims. After his calculations, Nguyen would have needed at least 3,000 hacked iTunes accounts to reach the ranking he had on Sunday in the App Store.

Brie, who also develops iPhone books apps, was affected by Nguyen’s gaming of the App Store ratings. Despite Apple’s claims, he speculates that to achieve such high ratings for his apps, Nguyen had to hack into Apple’s iTunes servers and skip the normal security steps, or run an automated scripted program.

From this story.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account